Comment #14 on issue 731 by goodb0fh: ActiveX support http://code.google.com/p/chromium/issues/detail?id=731
How much of "greenborder" technologies are implemented within Chrome? That *may* make me sleep better at night. However, I would like a way to absolutely positively turn activex support completely off, with no way to turn it back on within the running session. For Conrad and others who want ActiveX - it is an insecure piece of crap, go to the Risks mailing list (google for "risks" and go into catless site) and search for Authenticode. Bob Atkinson, the "architect" for ActiveX basically says that a broken screen saver had higher priorities within Microsoft during the design and implementation of ActiveX. So, years afterwards, they are still playing catch up on trying to fix security issues in ActiveX. An ActiveX control, once authorized, has full and complete control of you Windows environment. Not only that, once authorized, anyone and anything can call it. Now, like it has happened in the past with HP and others - a signed, shipped ActiveX control is vulnerable to a buffer overflow. Guess what happens? Any malicious site can call that control with a buffer overflow, and *BAM* you're owned. Unless Microsoft has significantly changed how ActiveX works, this is a serious issue. JUST SAY NO TO ACTIVEX! -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---
